Interesting spyware- "install character set"

a message was popping up saying that I needed to install the Chinese character set. Looked like a genuine message from Microsoft (I run XP)Whatever I then did (install, cancel or even ignore the window) at some point soon after an audio file gets played (but I can't see what player is being used to run it) which I think consists of extracts from a game. A character called Logan has been mentioned in this extract. I noticed that if I did try and install the character set as part of the install it tried to go to a site called www.adyieldx.comI've been trying to get rid of this spyware - I have McAfee Virus Scan Enterprise edition v8 and Spyware Doctor v4 installed, neither of them could find anything on a full system scan. I then installed Spyware Detector in a further attempt to get rid of this - on initial scan this product did find a Trojan and something called Buckin' Bronc which I have quarantined. However the audio file is still being played at random intervals.

Can anyone suggest how I can track this down and remove it? I've looked on this site but can't find anything similar, and it's difficult to Google for this one.

Thanks in advance

Please read our Forum FAQ in order to find out what info we need (HijackThislog) so we can help you.

Welcome to SWI. We apologize for the delay; our helpers have been very busy.If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

This tool will only report if it finds some Smitfraud infection.

Please download SmitfraudFix (by S!Ri)Extract all the content (to a folder named SmitfraudFix) on your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmdSelect option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).Please copy/paste the content of that report into your next reply.

Wait for further instructions from me.

Note : process.exeis detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.http://www.beyondlog...processutil.htm

Print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

This tool will only report if it finds some Smitfraud infection.

Please download SmitfraudFix (by S!Ri)Extract all the content (to a folder named SmitfraudFix) on your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmdSelect option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).Please copy/paste the content of that report into your next reply.

Wait for further instructions from me.

Note : process.exeis detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.http://www.beyondlog...processutil.htm

Hi Nasdaq,

here's the content of the report as requested, I ran it twice - spyware detector told me that it had detected backdoor.rustock while SmitFraudFix was running....RUN 1SmitFraudFix v2.274

1 - Close any open browsers.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".Click on this link http://www.bleepingc...opic114351.html to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Doubleclick combofix.exeFollow the prompts.Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt. Post this log in your next reply together with a new hijackthis log.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.